force regenerate session id on successful login, remove previous blank SID check
This commit is contained in:
parent
74736fce0f
commit
65e98f4086
|
@ -476,8 +476,6 @@ class Handler_Public extends Handler {
|
||||||
session_set_cookie_params(0);
|
session_set_cookie_params(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@session_start();
|
|
||||||
|
|
||||||
if (authenticate_user($login, $password)) {
|
if (authenticate_user($login, $password)) {
|
||||||
$_POST["password"] = "";
|
$_POST["password"] = "";
|
||||||
|
|
||||||
|
@ -501,6 +499,10 @@ class Handler_Public extends Handler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
// start an empty session to deliver login error message
|
||||||
|
@session_start();
|
||||||
|
|
||||||
$_SESSION["login_error_msg"] = __("Incorrect username or password");
|
$_SESSION["login_error_msg"] = __("Incorrect username or password");
|
||||||
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
|
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
|
||||||
}
|
}
|
||||||
|
|
|
@ -712,7 +712,14 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user_id && !$check_only) {
|
if ($user_id && !$check_only) {
|
||||||
@session_start();
|
|
||||||
|
if (session_status() != PHP_SESSION_NONE) {
|
||||||
|
session_destroy();
|
||||||
|
session_commit();
|
||||||
|
}
|
||||||
|
|
||||||
|
session_start();
|
||||||
|
session_regenerate_id(true);
|
||||||
|
|
||||||
$_SESSION["uid"] = $user_id;
|
$_SESSION["uid"] = $user_id;
|
||||||
$_SESSION["version"] = VERSION_STATIC;
|
$_SESSION["version"] = VERSION_STATIC;
|
||||||
|
|
|
@ -160,9 +160,5 @@
|
||||||
if (!defined('NO_SESSION_AUTOSTART')) {
|
if (!defined('NO_SESSION_AUTOSTART')) {
|
||||||
if (isset($_COOKIE[session_name()])) {
|
if (isset($_COOKIE[session_name()])) {
|
||||||
@session_start();
|
@session_start();
|
||||||
|
|
||||||
if (!$_SESSION['uid']) {
|
|
||||||
logout_user();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue